No, AVG is not the problem but a Chrome extension that is auto installed with AVG is.
The vulnerability was discovered by serial bug finder and Google Project Zero researcher Tavis Ormandy.
Ormandy blamed the half baked extension for the vulnerability.
Websites hosted on HTTPS were also susceptible, Ormandy stating that users of this extension have SSL disabled.
Also, Google has blocked AVGs ability to carry out inline installations of this extension.
Additionally, the Chrome Web Store team is also investigating AVG for possible Web Store policy violations.
If you are using either AVG or Web TuneUp, it is recommended that you upgrade your version immediately.
source: www.techworm.net
